6,568 research outputs found
Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization
Intel Software Guard Extensions (SGX) is a promising hardware-based
technology for protecting sensitive computations from potentially compromised
system software. However, recent research has shown that SGX is vulnerable to
branch-shadowing -- a side channel attack that leaks the fine-grained (branch
granularity) control flow of an enclave (SGX protected code), potentially
revealing sensitive data to the attacker. The previously-proposed defense
mechanism, called Zigzagger, attempted to hide the control flow, but has been
shown to be ineffective if the attacker can single-step through the enclave
using the recent SGX-Step framework.
Taking into account these stronger attacker capabilities, we propose a new
defense against branch-shadowing, based on control flow randomization. Our
scheme is inspired by Zigzagger, but provides quantifiable security guarantees
with respect to a tunable security parameter. Specifically, we eliminate
conditional branches and hide the targets of unconditional branches using a
combination of compile-time modifications and run-time code randomization.
We evaluated the performance of our approach by measuring the run-time
overhead of ten benchmark programs of SGX-Nbench in SGX environment
Recommended from our members
Concurrency Attacks
Just as errors in sequential programs can lead to security exploits, errors in concurrent programs can lead to concurrency attacks. Questions such as whether these attacks are real and what characteristics they have remain largely unknown. In this paper, we present a preliminary study of concurrency attacks and the security implications of real concurrency errors. Our study yields several interesting findings. For instance, we observe that the exploitability of a concurrency error depends on the duration of the timing window within which the error may occur. We further observe that attackers can increase this window through carefully crafted inputs. We also find that four out of five commonly used sequential defense mechanisms become unsafe when applied to concurrent programs. Based on our findings, we propose new defense directions and fixes to existing defenses
Experimental evaluation of two software countermeasures against fault attacks
Injection of transient faults can be used as a way to attack embedded
systems. On embedded processors such as microcontrollers, several studies
showed that such a transient fault injection with glitches or electromagnetic
pulses could corrupt either the data loads from the memory or the assembly
instructions executed by the circuit. Some countermeasure schemes which rely on
temporal redundancy have been proposed to handle this issue. Among them,
several schemes add this redundancy at assembly instruction level. In this
paper, we perform a practical evaluation for two of those countermeasure
schemes by using a pulsed electromagnetic fault injection process on a 32-bit
microcontroller. We provide some necessary conditions for an efficient
implementation of those countermeasure schemes in practice. We also evaluate
their efficiency and highlight their limitations. To the best of our knowledge,
no experimental evaluation of the security of such instruction-level
countermeasure schemes has been published yet.Comment: 6 pages, 2014 IEEE International Symposium on Hardware-Oriented
Security and Trust (HOST), Arlington : United States (2014
Detection of Lightweight Directory Access Protocol Query Injection Attacks in Web Applications
The Lightweight Directory Access Protocol (LDAP) is a common protocol used in organizations for Directory Service. LDAP is popular because of its features such as representation of data objects in hierarchical form, being open source and relying on TCP/IP, which is necessary for Internet access. However, with LDAP being used in a large number of web applications, different types of LDAP injection attacks are becoming common. The idea behind LDAP injection attacks is to take advantage of an application not validating inputs before being used as part of LDAP queries. An attacker can provide inputs that may result in alteration of intended LDAP query structure. LDAP injection attacks can lead to various types of security breaches including (i) Login Bypass, (ii) Information Disclosure, (iii) Privilege Escalation, and (iv) Information Alteration. Despite many research efforts focused on traditional SQL Injection attacks, most of the proposed techniques cannot be suitably applied for mitigating LDAP injection attacks due to syntactic and semantic differences between LDAP and SQL queries. Many implemented web applications remain vulnerable to LDAP injection attacks. In particular, there has been little attention for testing web applications to detect the presence of LDAP query injection attacks.
The aim of this thesis is two folds: First, study various types of LDAP injection attacks and vulnerabilities reported in the literature. The planned research is to critically examine and evaluate existing injection mitigation techniques using a set of open source applications reported to be vulnerable to LDAP query injection attacks. Second, propose an approach to detect LDAP injection attacks by generating test cases when developing secure web applications. In particular, the thesis focuses on specifying signatures for detecting LDAP injection attack types using Object Constraint Language (OCL) and evaluates the proposed approach using PHP web applications. We also measure the effectiveness of generated test cases using a metric named Mutation Score
Attitudes Toward Contraception Among Fourth Wave College-Aged Women
This research examines how college-aged women today view contraception in comparison to the ways it has been viewed by previous generations of women, as well as what they view the future of contraception in the United States to look like. This has been done through a lens of political action and advocacy, which has defined the fight for access to contraception and reproductive justice throughout history. In light of the recent threats on contraception and the corresponding responsive social movements, such as the Women’s March, women in the United States are shifting their views on the matter, but what actions are they taking?Reproductive health is highly politicized, yet college-aged/millennial women are not accustomed to an administration that attacks contraception and their access to it. In response to the current American political climate, we\u27ve seen an embracing of feminism in the mainstream media and feminist organization, such as the Women\u27s March, but have yet to see any policy change. The question this has led me to explore is whether or not attacks on access to contraception will politically mobilize and unite women. This research is based in interviews with women on the Gettysburg College campus and the analysis of data on racial, geographic, and class disparities in health care/access in order to understand the politicization of contraception in women\u27s lives
SNIFF: Reverse Engineering of Neural Networks with Fault Attacks
Neural networks have been shown to be vulnerable against fault injection
attacks. These attacks change the physical behavior of the device during the
computation, resulting in a change of value that is currently being computed.
They can be realized by various fault injection techniques, ranging from
clock/voltage glitching to application of lasers to rowhammer. In this paper we
explore the possibility to reverse engineer neural networks with the usage of
fault attacks. SNIFF stands for sign bit flip fault, which enables the reverse
engineering by changing the sign of intermediate values. We develop the first
exact extraction method on deep-layer feature extractor networks that provably
allows the recovery of the model parameters. Our experiments with Keras library
show that the precision error for the parameter recovery for the tested
networks is less than with the usage of 64-bit floats, which
improves the current state of the art by 6 orders of magnitude. Additionally,
we discuss the protection techniques against fault injection attacks that can
be applied to enhance the fault resistance
- …